If recent security and privacy concerns about Dropbox make you think twice about using the popular file storage and syncing tool, there's an easy way to further protect your sensitive files stored on Dropbox: yes, we're talking about encryption.


What's All the Fuss?

Dropbox has had a few privacy and security stumbles in recent months. Most recently, an authentication bug allowed anyone to log into your account with any password over a four-hour period. Back in April, Business Insider reported that an update to Dropbox's security terms of service reveals the company can decrypt your files and provide them to the government if required to do so; in other words, if you thought Dropbox couldn't decrypt your data, you were wrong. (Dropbox responds here.) This may all just be par for the course with cloud-based services (we believe you should consider all your passwords vulnerable to cracking if someone wanted to do so badly enough), but at least a few people feel uneasy about Dropbox's recent problems.

How to Encrypt Your Sensitive Data on Dropbox

A Cross-Platform Method: Use an Encrypted Zip File

Another Easy Option: Automatically Encrypt Data with SecretSync

Previously mentioned Windows program SecretSync provides an easy way to encrypt a local folder before sending it to Dropbox. You install the app, it creates a new folder on your computer, and anything you place in that folder is automatically encrypted and then synced with Dropbox. It's actually quite clever.


If the idea of securing your cloud data by putting your trust in yet another cloud service is too much, you could instead encrypt your data yourself with the cross-platform, open-source encryption application TrueCrypt. Essentially you'd manually encrypt your files, then store your encrypted files on Dropbox. It won't be as easy to share or work with individual documents encrypted with TrueCrypt as non-TrueCrypt-encrypted files, but even Dropbox itself recommends using TrueCrypt for your most sensitive documents.

In this scenario, you'll basically just store your sensitive data in your TrueCrypt container, which is saved to your Dropbox folder. Our steps for encrypting your data with TrueCrypt in this case remain the same. Just select the Dropbox folder as the TrueCrypt container location.

If you've never used TrueCrypt before, here are the steps, taken from our previous guide but adjusted specifically for Dropbox usage:
1. Download, install, and launch TrueCrypt.
2. After hitting the "Create Volume" button, choose the default to "create an encrypted file container" and a "Standard TrueCrypt Volume".
3. Here's where the steps differ: When prompted to select a location for your TrueCrypt Volume, navigate to your Dropbox folder.
4. Then you'll run through the rest of the TrueCrypt encryption steps, including selecting the default AES encryption scheme and volume size (choose a capacity less, obviously, than your total Dropbox account storage space).

Once you've entered your volume password and formatted the TrueCrypt volume, it'll be saved and ready for action in your Dropbox folder.

To mount the volume as a virtual (but encrypted) drive that you can copy and paste to, open the TrueCrypt program, select a drive letter, then select your TrueCrypt file in the Dropbox folder, and click "Mount."

You'll be able to copy and paste sensitive documents to that encrypted container just like you would a regular drive, as long as the volume is mounted.

The above works well when you have a mix of plain old documents and more sensitive files that you want to store together on Dropbox—you can use a TrueCrypt container for your most sensitive files and the regular service for everything else (for easy collaboration and remote editing). Encrypting your files before storing them on Dropbox is also your main recourse when it comes to privacy and security concerns about the service having access to your data.

If you want to encrypt everything in your Dropbox folder locally, you can just move the Dropbox folder into a TrueCrypt container. As readers pointed out, this won't address the privacy concerns of Dropbox being able to decrypt your information, but it would secure the contents of your Dropbox in case, say, you lost your laptop or your computer was compromised. Here are the instructions from Dropbox for this process:

Once it's formatted, make sure the TrueCrypt volume will be mounted on logon:

In TrueCrypt, click on the Select File button, select the container you just created, click on an unused drive letter and then click the Mount button.

From the Favorites menu, select Add Mounted Volume to Favorites and make sure Mount selected volume upon logon is checked.

Next, we'll move Dropbox to the encrypted TrueCrypt drive:

Right-click on the Dropbox icon in the system tray and go to Preferences.

In the Advanced tab, click the Move button to change the location for Dropbox to the virtual drive letter you just created.

Finally, Dropbox recommends creating a login script to modify Dropbox so it will wait until the drive is ready before starting:

In your Dropbox preferences, click the General tab, then turn off the checkmark beside Start Dropbox on system startup.
1. Create a new text file called bootup.bat somewhere on your C: drive.
2. If file extensions are hidden by Explorer, you may need to turn them on to ensure the file gets the .bat extension rather than .bat.txt. (The option in Explorer is under Tools | Folder Options | View, then under Advanced Settings select Show hidden files, folders and drives).
3. Paste the following commands into the bat file:
@echo off
rem Every second, check to see if volume is mounted
echo Waiting for volume...
:keepwaiting
rem Two pings to localhost take about one second; a single ping returns at once
ping -n 2 127.0.0.1 > nul
if not exist F:\ goto keepwaiting
start "Dropbox" "C:\Documents and Settings\YourUserName\Application Data\Dropbox\bin\Dropbox.exe"

4. Tailor the script as follows, then save it:
Change F:\ to the drive letter of your mounted volume (which you picked in step 2.2)
Change the path on the last line to include the location of the Dropbox application files. e.g. On Windows 7 it would be:
C:\Users\YourUserName\AppData\Roaming\Dropbox\bin\Dropbox.exe
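
The login script above loops forever if the volume is never mounted, and its `if not exist F:\` test passes for any drive that happens to hold that letter. The PowerShell variant below is an added example, not part of Dropbox's instructions or the original article: it gives up after a timeout and only starts Dropbox once a marker file inside the encrypted volume is visible. The marker path `F:\Dropbox\.encrypted-volume` (a file you create once yourself while the volume is mounted), the five-minute timeout and the Dropbox path under `%APPDATA%` are assumptions to adjust.

```powershell
# Added example: wait for the encrypted volume, then start Dropbox.
# Marker path, timeout and Dropbox location are assumptions; adjust them.
param(
    # Hypothetical marker file, created once by you inside the mounted volume
    [string]$Marker     = 'F:\Dropbox\.encrypted-volume',
    # On Windows 7 this resolves to C:\Users\YourUserName\AppData\Roaming\...
    [string]$DropboxExe = "$env:APPDATA\Dropbox\bin\Dropbox.exe",
    [int]$TimeoutSec    = 300
)

function Wait-EncryptedVolume {
    param([string]$MarkerPath, [int]$TimeoutSec)
    # Poll once per second until the marker file appears or the deadline passes
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if (Test-Path -LiteralPath $MarkerPath -PathType Leaf) { return $true }
        Start-Sleep -Seconds 1
    }
    return $false
}

if (-not (Test-Path -LiteralPath $DropboxExe -PathType Leaf)) {
    Write-Error "Dropbox executable not found at $DropboxExe"
    exit 2
}

if (Wait-EncryptedVolume -MarkerPath $Marker -TimeoutSec $TimeoutSec) {
    # The marker is only reachable while the encrypted volume is mounted
    Start-Process -FilePath $DropboxExe
} else {
    Write-Error "Encrypted volume not mounted after $TimeoutSec seconds; Dropbox not started."
    exit 1
}
```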

FYI, before you dismount the encrypted volume, you'll need to close Dropbox.

Dropbox's tips and tricks wiki notes that there are also sensitive *.db (Dropbox configuration) files located in alternative locations, and offers suggestions for ways to relocate those files or the entire Dropbox application.